Lost in the Fog: A New Ransomware Threat
June 7, 2024, 10:37 a.m.
Description
Arctic Wolf Labs began monitoring the deployment of a new ransomware variant called Fog in early May 2024. The ransomware attacks targeted organizations in the education and recreation sectors within the United States. Evidence suggests the threat actors gained initial access through compromised VPN credentials, then used credential dumping, lateral movement with tools such as PsExec, and ransomware payloads capable of disabling defenses, encrypting data, and deleting backups. The actors appeared financially motivated, seeking rapid encryption and ransom payment rather than data exfiltration.
Date
Published: June 7, 2024, 10:34 a.m.
Created: June 7, 2024, 10:34 a.m.
Modified: June 7, 2024, 10:37 a.m.
Indicators
8b9c7d2554fe315199fae656448dc193accbec162d4afff3f204ce2346507a8a
d0c1662ce239e4d288048c0e3324ec52962f6ddda77da0cb7af9c1d9c2f1e2eb
77.247.126.200
5.230.33.176
107.161.50.26
Attack Patterns
FoggyWeb - S0661
T1135
T1490
T1550
T1110
T1136
T1555
T1021
T1489
T1486
T1070
T1570
T1569
T1046
T1140
T1562
T1133
T1078
T1003
T1059
CVE-2024-4358
CVE-2024-1800
Additional Information
Education
United States of America